STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-214282r612241_rule
V-214282
SRG-APP-000141-WSR-000082
AS24-U2-000310
CAT II
10
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Remove any scripts in "cgi-bin" directory if they are not needed for application operation.
Ensure this process is documented and approved by the ISSO.
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Review "Script", "ScriptAlias" or "ScriptAliasMatch", or "ScriptInterpreterSource" directives.
Go into each directory and locate "cgi-bin" files.
If any scripts are present that are not needed for application operation, this is a finding.
If this is not documented and approved by the Information System Security Officer (ISSO), this is a finding.
V-214282
False
AS24-U2-000310
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Review "Script", "ScriptAlias" or "ScriptAliasMatch", or "ScriptInterpreterSource" directives.
Go into each directory and locate "cgi-bin" files.
If any scripts are present that are not needed for application operation, this is a finding.
If this is not documented and approved by the Information System Security Officer (ISSO), this is a finding.
M
3997